CafePress May Not Qualify For 512 Safe Harbor – Gardner v. CafePress

Gardner is a wildlife photographer. He sued CafePress and Beverly Teall alleging that Teall sold a product through CafePress displaying one of Gardner’s images. While only one image was at issue in the operative complaint, prior to mediation, plaintiff’s counsel identified several other images uploaded by another user that allegedly infringed on plaintiff’s copyrights. All of the images were uploaded by the users prior to plaintiff having obtained a valid registration for the copyrights.

The court discusses CafePress’s platform and offerings. CafePress allows users to set up shops (two basic versions and a premium version) and sell products bearing content uploaded by end users. In addition, users can make their products eligible for sale via CafePress’s marketplace, which CafePress ultimately curates and manages. Finally, CafePress makes available products to Amazon and eBay, which the court says “involves CafePress’s marketing department providing content to Amazon and eBay regarding certain products, which are then sold through those companies.” When users upload content in connection with their proposed CafePress products, CafePress strips out all of the metadata associated with the content. (This process is automated.)

CafePress asks the court to grant summary judgment and dismiss the lawsuit, but the court declines.

CafePress isn’t necessarily a “service provider”: The court says that although the DMCA’s definition of “service provider” is incredibly broad, and CafePress is similar to numerous other entities that have been found to be service providers, CafePress’s “direct sales,” coupled with its acts of determining the price and paying a royalty, means that it has gone beyond being a mere intermediary. As such, the court declines to find as a matter of law that CafePress is a service provider that can be eligible for DMCA protection in the first place.

CafePress is not entitled to safe harbor under 512(c): CafePress argued that it was entitled to immunity under 512(c) (“information residing . . . at direction of users”), probably the DMCA’s most often litigated provision. The court says that CafePress is not entitled to 512(c) immunity.

First, DMCA safe harbor under 512(c) requires that the content in question be stored “at the direction of the user,” but CafePress doesn’t qualify. The grant of discretion to determine what images are sold through the CafePress marketplace, along with CafePress’s decision as to what images are made available through Amazon and eBay, go well beyond “facilitating the storage and access of allegedly infringing materials.” The court says CafePress’s downstream activities in exploiting user-uploaded content were not necessarily taken “by reason of” the users’ uploading of the images in question.

The court also addresses whether CafePress derived a financial benefit attributable to the allegedly infringing activity where it has the “right and ability to control” the activity. As to the financial benefit, the court says that the relevant question is whether the allegedly infringing activity constituted “a draw” for users. The court says that to the extent CafePress acted as a “service provider”, there’s no evidence that allegedly infringing content was a “draw” and CafePress was entitled to summary judgment on this point. However, the court says that to the extent CafePress “engaged in non-service-provider activities,” it may have received a “direct financial benefit.” The court also adds that CafePress had the right to control the activities in question. Citing to Henrickson v. eBay and Corbis v. Amazon, the court says that unlike the entities in those cases, CafePress’s active involvement and contractual power over the sales process means that it could have the requisite “right and ability to control” the activities in question.

In order to be entitled to DMCA safe harbor, CafePress must lack actual or red flag knowledge that the content issue may be infringing. The court finds that plaintiff failed to offer any evidence regarding CafePress’s actual or apparent knowledge and finds for CafePress on this point.

Stripping metadata could be interference with “standard technical measures”: The court says that of the requirements potentially entitle CafePress to DMCA protection, there’s a key factual dispute as to one additional element: by stripping metadata from photos, CafePress may have interfered with “standard technical measures” that are used by copyright owners to protect their works. Standard technical measures have several elements, including that they have been developed pursuant to a “broad consensus of copyright owners and service providers” in a transparent and open manner. While the court says plaintiff hasn’t provided evidence that metadata falls into this category, the court notes metadata presumably constitutes a standard technical measure because metadata is an “easy and economical way to attach copyright information to an image.” Again, this precludes judgment at the summary judgment stage as to CafePress’s entitlement to DMCA immunity.

__

Ugh. One thing I didn’t mention is that after jumping through the various DMCA hoops and finding that CafePress may not necessarily qualify, the court ends up striking plaintiff’s request for statutory damages and attorneys’ fees. This case turns out to be a particularly bad one to make broad findings regarding an intermediary’s entitlement to DMCA safe harbor, given that:

only $6,320 worth of product bearing the allegedly infringing content was sold through CafePress, the damages at issue are undoubtedly minuscule to the resources the parties have sunk into the dispute;

it’s undisputed that CafePress did not receive any DMCA takedown notices from plaintiff and, in fact, immediately took down any allegedly infringing content of which it was aware;

plaintiff already settled with another defendant, which will have some effect on the extent of CafePress’s liability (and result in some sort of reduction to it).

The amount at stake in this lawsuit barely takes it out of the small claims category. I would bet that CafePress made an offer of judgment to plaintiff roughly in the neighborhood of $7,500 or $10,000, which could put plaintiff at risk for attorneys’ fees to the extent he recovers less than the amount offered. I’m surprised the judge didn’t rule on the statutory damages issue first, give the parties a chance to explore settlement (or all-but force them to settle), and then, if only absolutely necessary, tackle the DMCA issues. (Cf. Eric’s post on the inefficacy of the DMCA as a true safe harbor scheme.) [Added: via email Marc Randazza notes “[i]n copyright cases, Rule 68 only shifts costs in the 9th…fees in 11 th.” I still think it raises the risk for plaintiff.]

The court’s conclusion that CafePress is not necessarily a service provider is curious, and not surprisingly, the court doesn’t offer any direct citations for this proposition.

On the other hand, the finding that CafePress’s downstream activities over which it exercises control may cause it to lose DMCA protection is more defensible, but separate prongs of the statute tackle this, and the court should have just analyzed the issues as they come up in the statute. The court’s DMCA analysis feels muddled overall, and even when it tackles the financial benefit + right and ability to control question, it seemed like the tests used by the court were spilling over into each other. (CafePress’s acts—exercise of control and setting prices—that cause it to fall outside of service provider status are covered by other specific aspects of the DMCA statute.)

CafePress’s curation and selection of what can be sold through its store and licensed to third parties are not intermediary-like. While I like Eric’s distinction below between on- and off-line activities, I think Viacom is slightly more ambiguous as to whether an intermediary is always protected for its syndication activities and the facts here also seemed somewhat unclear about what exactly CafePress’s marketing department did.

One possible takeaway from this case is that the exercise of discretion can be a dangerous thing to a service provider. A related question the case raises is whether the result would have been different if CafePress had simply used an automated/popularity-driven means to determine what gets sold via its marketplace and what deserves prominence. From a risk/liability standpoint, move vote would be to opt for automation and algorithm-driven over human curation.

The fact that CafePress gets dinged for removal of metadata is a tough break and also significant. Sites often strip metadata as a matter of course, and although metadata can cut both ways (it can be used to filter and bolster DMCA safe harbor and can be used to locate and access infringing content possibly triggering red flag knowledge), this ruling is a data point that taking a neutral approach to metadata by stripping it is not itself without risks. As Eric notes below, there’s not a whole lot of precedent for the proposition that metadata is a standard technical measure, and despite citing to the plaintiff’s failure to allege facts regarding the widespread adoption of metadata the court essentially places the burden on CafePress to show that metadata is not a standard technical measure. (Interestingly, plaintiff did not allege a claim for removal or alteration of copyright management information.)

[NB: CafePress has fought numerous battles as an intermediary, but most have involved trademark or publicity rights.]
____

Eric’s Comments: This opinion is all kinds of crazy. I don’t know how the court got it so wrong in so many places. Some of the worst aspects:

* Of course CafePress meets the statutory definition of a “service provider” for 512 purposes. It is a “provider of online services.” The court’s concern is relevant to the inquiry of whether CafePress is “storing at the user’s direction.” Trying to address that issue in the definition of “service provider” is, in Venkat’s words, “muddled” at best.

* The court never says that metadata qualifies as a “standard technical measure,” and for good reason. I don’t think we’ve reached the statutorily required industry consensus on that point. So the rest of the 512(i) discussion feels like dicta.

* Most fundamentally, the court conflates CafePress’ online and offline activities. I think CafePress clearly qualifies for 512 protection for its online hosting activities (including any syndication of its listings per Viacom v. YouTube), but 512 doesn’t protect its offline print-on-demand manufacturing and delivery business. Thus, eBay and Amazon are fully protected by 512 for running online ads in their marketplaces. Because they don’t do any 512-disqualifying order fulfillment, they get 512 protection for all of their marketplace operations. CafePress should get identical 512 protection for its marketplace operations. This ruling should panic eBay, Amazon and the many other marketplace operators who think they have 512 protection.

Despite the terrible legal rulings, CafePress has already won this particular lawsuit by getting the summary judgment on statutory damages. I’m sure the plaintiff has already spent more than the maximum possible damages recovery it could obtain here (probably less than $7k), so any further money the plaintiff spends on this case will just compound its losses. This leads to the awkward dynamic where CafePress presumably wants to press this case forward, or even appeal it, so that it can fix the judge’s legal errors, and the plaintiff presumably just wants this case to stop to staunch the cash hemorrhaging on its so-called “win.” This creates some weird settlement possibilities. It’s too bad if this case settles, because I would love to see CafePress appeal the ruling and, I hope, fix it on appeal.
____